<!DOCTYPE html>
<html lang="en">
<head>
  <meta name="generator" content=
  "HTML Tidy for Linux (vers 25 March 2009), see www.w3.org">

  <title>Checker Framework Tutorial - Security Error - Command
  Line</title>
  <link href="bootstrap/css/bootstrap.css" rel="stylesheet" type=
  "text/css">
  <script type="text/javascript" src="bootstrap/js/bootstrap.min.js">
</script>
  <link href="css/main.css" rel="stylesheet" type="text/css">
  <link rel="icon" type="image/png" href=
  "https://checkerframework.org/favicon-checkerframework.png">
  </head>

<body>
  <div class="top_liner"></div>

  <div class="navbar navbar-inverse navbar-fixed-top" style=
  "border-bottom: 1px solid #66d;">
    <div class="navbar-inner">
      <div class="contained">
        <ul class="nav">
          <li class="heading">Checker Framework:</li>

          <li><a href="https://checkerframework.org/">Main Site</a></li>

          <li><a href=
          "https://checkerframework.org/manual/">
          Manual</a></li>

          <li><a href=
          "https://groups.google.com/forum/#!forum/checker-framework-discuss">
          Discussion List</a></li>

          <li><a href=
          "https://github.com/typetools/checker-framework/issues">Issue
          Tracker</a></li>

          <li><a href=
          "https://github.com/typetools/checker-framework">Source
          Code</a></li>

          <li class="active"><a href=
          "https://checkerframework.org/tutorial/">Tutorial</a></li>
        </ul>
      </div>
    </div>
  </div><img src="https://checkerframework.org/CFLogo.png" alt="Checker Framework logo">

  <div class="page-header short" style=
  "border-bottom: 1px solid #EEE; border-top: none;">
    <h1>Checker Framework Tutorial</h1>

    <h2><small>Previous <a href="user-input-cmd.html">Validating User
    Input</a></small></h2>
  </div>

  <div id="introduction">
    <div class="page-header short" style="border-top: none;">
      <h2>Finding a Security Error</h2>
    </div>

    <p>This example uses the Tainting Checker to verify that user input
    does not contain SQL statements, thus preventing SQL injection. (If
    you have not already done so, download <a href=
    "../sourcefiles.zip">the tutorial sourcefiles</a>.)</p>

    <div class="well">
      <h5>Outline</h5>

      <ol>
        <li><a href="#run1">Run the Tainting Checker &mdash; 1 error
        found</a></li>

        <li><a href="#error1">Correct the error</a></li>

        <li><a href="#run2">Re-run the Tainting Checker &mdash; a new error is
        found</a></li>

        <li><a href="#error2">Correct the new error</a></li>

        <li><a href="#run3">Re-run the Tainting Checker &mdash; no errors</a></li>
      </ol>
    </div>

    <div id="run1">
      <h4>1. Run the Tainting Checker &mdash; 1 error found</h4>

      <p>Run the buildfile:
      <br/> (The Ant buildfile
      makes use of the <a href=
      "https://checkerframework.org/manual/#ant-task">
      Checker Framework support for Ant</a>.)</p>
      <pre>
$ <b>cd personalblog-demo</b>
$ <b>ant</b>
Buildfile: .../personalblog-demo/build.xml

clean:

check-tainting:
    [mkdir] Created dir: .../personalblog-demo/bin
[cf.javac] Compiling 2 source files to .../personalblog-demo/bin
[cf.javac] javac 1.8.0-jsr308-3.12.0
[cf.javac] .../personalblog-demo/src/net/eyde/personalblog/service/PersonalBlogService.java:175: error: incompatible types in argument.
[cf.javac]                     "where post.category like '%", category,
[cf.javac]                                                    ^
[cf.javac]   found   : @Tainted String
[cf.javac]   required: @Untainted String
[cf.javac] 1 error

BUILD FAILED
.../personalblog-demo/build.xml:35: Compile failed; see the compiler error output for details.

Total time: 2 seconds

</pre>

      <p>The checker issues an error for <code>getPostsByCategory()</code>
      because the possibly-tainted string <code>category</code> is used in
      the query construction. This string could contain SQL statements
      that could taint the database. The programmer must ensure that
      <code>category</code> does not contain malicious SQL code.</p>
    </div>

    <div id="error1">
      <h4>2. Correct the Error</h4>

      <p>To correct this error, <b>add <code>@Untainted</code></b> to the
      type of the <code>category</code> parameter.</p>
      <pre>
     public List&lt;?&gt; getPostsByCategory(<b>@Untainted</b> String category) throws ServiceException {
</pre>This forces clients to pass an <code>@Untainted</code> value, which
was the intention of the designer of the <code>getPostsByCategory</code>
method.
    </div>

    <div id="run2">
      <h4>3. Re-run the Tainting Checker &mdash; a new error is found</h4>

      <p>Run the Tainting Checker again.</p>

      <pre>
$ <strong>ant</strong>
Buildfile: .../personalblog-demo/build.xml

clean:
   [delete] Deleting directory .../personalblog-demo/bin

check-tainting:
    [mkdir] Created dir: .../personalblog-demo/bin
[cf.javac] Compiling 2 source files to .../personalblog-demo/bin
[cf.javac] javac 1.8.0-jsr308-3.12.0
[cf.javac] .../personalblog-demo/src/net/eyde/personalblog/struts/action/ReadAction.java:58: error: incompatible types in argument.
[cf.javac]                          pblog.getPostsByCategory(reqCategory));
[cf.javac]                                                   ^
[cf.javac]   found   : @Tainted String
[cf.javac]   required: @Untainted String
[cf.javac] 1 error

BUILD FAILED
.../personalblog-demo/build.xml:35: Compile failed; see the compiler error output for details.

Total time: 2 seconds

</pre>

      <p>There is an error in <code>ReadAction.executeSub()</code>, which
      is a client of <code>getPostsByCategory</code>. The
      <code>reqCategory</code> is accepted from the user (from request
      object) without validation.</p>
    </div>

    <div id="error2">
      <h4>4. Correct the New Error</h4>To correct, <b>use the
      <code>validate</code> method</b> as shown below.
      <pre>
    String reqCategory = <b>validate(</b>cleanNull(request.getParameter("cat"))<b>)</b>;
</pre>
    </div>

    <div id="run3">
      <h4>5. Re-run the Tainting Checker &mdash; no errors</h4>

      <p>There should be no errors.</p>
      <pre>
$ <strong>ant</strong>
Buildfile: .../personalblog-demo/build.xml

clean:
   [delete] Deleting directory .../personalblog-demo/bin

check-tainting:
    [mkdir] Created dir: .../personalblog-demo/bin
[cf.javac] Compiling 2 source files to .../personalblog-demo/bin
[cf.javac] javac 1.8.0-jsr308-3.12.0

BUILD SUCCESSFUL
Total time: 2 seconds
</pre>

      <p>You are done with the personalblog-demo project,
      so return to the parent directory</p>

      <pre>
$ <strong>cd ..</strong>
</pre>

      <p>For a complete discussion of how to use the Tainting Checker,
      please read the <a href=
      "https://checkerframework.org/manual/#tainting-checker">
      Tainting Checker chapter</a> in the Checker Framework manual.</p>
    </div>
  </div>

  <div id="installation">
    <div class="page-header short">
      <h2><small>Next, try <a href="encryption-checker-cmd.html">Writing
      an Encryption Checker</a> or return to the <a href=
      "../index.html">main page</a> of the Tutorial.</small></h2>
    </div>
  </div><!--
<div class="bottom_liner well">
    <a href="#">Top</a>
</div>
-->
  <!--  LocalWords:  Plugin plugin VM SDK plugins quals classpath
 -->
  <!--  LocalWords:  NullnessChecker plugin's
 -->
</body>
</html>
